Search Results (10052 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-0453 7 Canonical, Debian, Ibm and 4 more 12 Ubuntu Linux, Debian Linux, Forms Viewer and 9 more 2025-04-12 N/A
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security.
CVE-2015-8871 2 Debian, Uclouvain 2 Debian Linux, Openjpeg 2025-04-12 N/A
Use-after-free vulnerability in the opj_j2k_write_mco function in j2k.c in OpenJPEG before 2.1.1 allows remote attackers to have unspecified impact via unknown vectors.
CVE-2016-5107 3 Canonical, Debian, Qemu 3 Ubuntu Linux, Debian Linux, Qemu 2025-04-12 6.0 Medium
The megasas_lookup_frame function in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds read and crash) via unspecified vectors.
CVE-2016-5108 2 Debian, Videolan 2 Debian Linux, Vlc Media Player 2025-04-12 N/A
Buffer overflow in the DecodeAdpcmImaQT function in modules/codec/adpcm.c in VideoLAN VLC media player before 2.2.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted QuickTime IMA file.
CVE-2015-7984 2 Debian, Horde 3 Debian Linux, Groupware, Horde Application Framework 2025-04-12 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in Horde before 5.2.8, Horde Groupware before 5.2.11, and Horde Groupware Webmail Edition before 5.2.11 allow remote attackers to hijack the authentication of administrators for requests that execute arbitrary (1) commands via the cmd parameter to admin/cmdshell.php, (2) SQL queries via the sql parameter to admin/sqlshell.php, or (3) PHP code via the php parameter to admin/phpshell.php.
CVE-2016-2342 3 Debian, Quagga, Redhat 3 Debian Linux, Quagga, Enterprise Linux 2025-04-12 N/A
The bgp_nlri_parse_vpnv4 function in bgp_mplsvpn.c in the VPNv4 NLRI parser in bgpd in Quagga before 1.0.20160309, when a certain VPNv4 configuration is used, relies on a Labeled-VPN SAFI routes-data length field during a data copy, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted packet.
CVE-2014-3704 2 Debian, Drupal 2 Debian Linux, Drupal 2025-04-12 N/A
The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing crafted keys.
CVE-2015-3439 2 Debian, Wordpress 2 Debian Linux, Wordpress 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Ephox (formerly Moxiecode) plupload.flash.swf shim 2.1.2 in Plupload, as used in WordPress 3.9.x, 4.0.x, and 4.1.x before 4.1.2 and other products, allows remote attackers to execute same-origin JavaScript functions via the target parameter, as demonstrated by executing a certain click function, related to _init.as and _fireEvent.as.
CVE-2016-5420 4 Debian, Haxx, Opensuse and 1 more 6 Debian Linux, Libcurl, Leap and 3 more 2025-04-12 N/A
curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate.
CVE-2015-4651 3 Debian, Oracle, Wireshark 3 Debian Linux, Solaris, Wireshark 2025-04-12 N/A
The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.12.x before 1.12.6 does not properly determine whether enough memory is available for storing IP address strings, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
CVE-2015-0252 4 Apache, Debian, Fedoraproject and 1 more 4 Xerces-c\+\+, Debian Linux, Fedora and 1 more 2025-04-12 N/A
internal/XMLReader.cpp in Apache Xerces-C before 3.1.2 allows remote attackers to cause a denial of service (segmentation fault and crash) via crafted XML data.
CVE-2015-2317 6 Canonical, Debian, Djangoproject and 3 more 6 Ubuntu Linux, Debian Linux, Django and 3 more 2025-04-12 N/A
The utils.http.is_safe_url function in Django before 1.4.20, 1.5.x, 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1 does not properly validate URLs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a control character in a URL, as demonstrated by a \x08javascript: URL.
CVE-2014-5119 3 Debian, Gnu, Redhat 5 Debian Linux, Glibc, Enterprise Linux and 2 more 2025-04-12 N/A
Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules.
CVE-2016-4450 4 Canonical, Debian, F5 and 1 more 4 Ubuntu Linux, Debian Linux, Nginx and 1 more 2025-04-12 7.5 High
os/unix/ngx_files.c in nginx before 1.10.1 and 1.11.x before 1.11.1 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a crafted request, involving writing a client request body to a temporary file.
CVE-2014-2427 4 Canonical, Debian, Oracle and 1 more 8 Ubuntu Linux, Debian Linux, Jdk and 5 more 2025-04-12 N/A
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound.
CVE-2016-4478 3 Atheme, Debian, Opensuse 4 Atheme, Debian Linux, Leap and 1 more 2025-04-12 N/A
Buffer overflow in the xmlrpc_char_encode function in modules/transport/xmlrpc/xmlrpclib.c in Atheme before 7.2.7 allows remote attackers to cause a denial of service via vectors related to XMLRPC response encoding.
CVE-2014-0138 3 Debian, Haxx, Redhat 4 Debian Linux, Curl, Libcurl and 1 more 2025-04-12 N/A
The default configuration in cURL and libcurl 7.10.6 before 7.36.0 re-uses (1) SCP, (2) SFTP, (3) POP3, (4) POP3S, (5) IMAP, (6) IMAPS, (7) SMTP, (8) SMTPS, (9) LDAP, and (10) LDAPS connections, which might allow context-dependent attackers to connect as other users via a request, a similar issue to CVE-2014-0015.
CVE-2016-2056 2 Debian, Xymon 2 Debian Linux, Xymon 2025-04-12 N/A
xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote authenticated users to execute arbitrary commands via shell metacharacters in the adduser_name argument in (1) web/useradm.c or (2) web/chpasswd.c.
CVE-2016-4952 3 Canonical, Debian, Qemu 3 Ubuntu Linux, Debian Linux, Qemu 2025-04-12 6.0 Medium
QEMU (aka Quick Emulator), when built with VMWARE PVSCSI paravirtual SCSI bus emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds array access) via vectors related to the (1) PVSCSI_CMD_SETUP_RINGS or (2) PVSCSI_CMD_SETUP_MSG_RING SCSI command.
CVE-2016-6211 2 Debian, Drupal 2 Debian Linux, Drupal 2025-04-12 N/A
The User module in Drupal 7.x before 7.44 allows remote authenticated users to gain privileges via vectors involving contributed or custom code that triggers a rebuild of the user profile form.